Difference between revisions of "GVPolicy"
(→Description) |
(→Description) |
||
| Line 4: | Line 4: | ||
An access control list (ACL),in {{GVESB}}, define a set of authorizations attached to a {{GVESB}} services. | An access control list (ACL),in {{GVESB}}, define a set of authorizations attached to a {{GVESB}} services. | ||
| − | When a subject requests an invocation of {{GVESB}} service in an ACL-based security model, {{GVESB}} first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When | + | When a subject requests an invocation of {{GVESB}} service in an ACL-based security model, {{GVESB}} first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure your service access control list for a specific role, a subnet or a specific ip. |
=={{GVESB}} Configuration== | =={{GVESB}} Configuration== | ||
Revision as of 15:21, 11 June 2013
Contents
Description
GVPolicy element defines the configuration of the GreenVulcano® ESB ACL Policy framework.
An access control list (ACL),in GreenVulcano® ESB, define a set of authorizations attached to a GreenVulcano® ESB services. When a subject requests an invocation of GreenVulcano® ESB service in an ACL-based security model, GreenVulcano® ESB first checks the ACL for an applicable entry to decide whether the requested operation is authorized. When you create a service, you can configure your service access control list for a specific role, a subnet or a specific ip.
GreenVulcano® ESB Configuration
Element GVPolicy belongs to GVCore and it is visualized from the VulCon® Core View.
The following table shows the GVPolicy attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value module. |
| name | fixed | This attribute must assume the value POLICY_MANAGER. |
Its subelements are:
Roles
This element defines the roles to be used in ACL configuration. Might contain more Role elements.
Role
Its attributes are:
| Attribute | Type | Description |
|---|---|---|
| name | required | Role name |
ACLGreenVulcano
ACLGreenVulcano is the implementation that associates an ACL to a resource (ex. a GreenVulcano® ESB service)
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | This attribute must assume the value acl-manager |
| class | fixed | This attribute must assume the value it.greenvulcano.gvesb.policy.impl.ACLGreenVulcano |
Its subelements are:
DefaultRes
This element defines a default ACL definition.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
Its subelements are:
ServiceRes
This elements defines a GVCore group/service/operation ACL definition.
The following table shows its attributes:
| Attribute | Type | Description |
|---|---|---|
| type | fixed | "resource" |
| group | required | Group name. |
| service | required | Service name. |
| operation | required | Operation name. |
Its subelements are:
{{#w4grb_rate:}} <w4grb_ratinglist latestvotes items="5" nosort/>
